Do not propose (EC)DHE suites if we do not support them

author: Martin Willi <martin@revosec.ch> 2010-09-03 18:24:03 +0200
committer: Martin Willi <martin@revosec.ch> 2010-09-03 18:24:03 +0200
commit: 4e68c1cfdc31891d74789390c5834b762a705783 (patch)
tree: 903195801741c1e1f93ad804f93b2d039906a4ad /src
parent: 4254257f9d8da77c2d9846c6956873a19a428283 (diff)
download: strongswan-4e68c1cfdc31891d74789390c5834b762a705783.tar.bz2
strongswan-4e68c1cfdc31891d74789390c5834b762a705783.tar.xz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 2fb5a1feb..49ee88def 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -625,7 +625,9 @@ static void filter_suite(private_tls_crypto_t *this,
 				 !current.encr || current.encr == suites[i].encr) &&
 				(!current.mac  || current.mac  == suites[i].mac) &&
 				(!current.prf  || current.prf  == suites[i].prf) &&
-				(!current.hash || current.hash == suites[i].hash))
+				(!current.hash || current.hash == suites[i].hash) &&
+				(suites[i].dh == MODP_NONE ||
+				 !current.dh   || current.dh   == suites[i].dh))
 			{
 				suites[remaining] = suites[i];
 				remaining++;
@@ -712,6 +714,8 @@ static void build_cipher_suite_list(private_tls_crypto_t *this,
 				 lib->crypto->create_prf_enumerator);
 	filter_suite(this, suites, &count, offsetof(suite_algs_t, hash),
 				 lib->crypto->create_hasher_enumerator);
+	filter_suite(this, suites, &count, offsetof(suite_algs_t, dh),
+				 lib->crypto->create_dh_enumerator);
 
 	free(this->suites);
 	this->suite_count = count;
author	Martin Willi <martin@revosec.ch>	2010-09-03 18:24:03 +0200
committer	Martin Willi <martin@revosec.ch>	2010-09-03 18:24:03 +0200
commit	4e68c1cfdc31891d74789390c5834b762a705783 (patch)
tree	903195801741c1e1f93ad804f93b2d039906a4ad /src
parent	4254257f9d8da77c2d9846c6956873a19a428283 (diff)
download	strongswan-4e68c1cfdc31891d74789390c5834b762a705783.tar.bz2 strongswan-4e68c1cfdc31891d74789390c5834b762a705783.tar.xz